function destroy_public()
    {

        if(!isset($_SESSION['active_user']))
            redirect_to(make_url('users', 'login'));

        if(!isset($_POST['Submit']))
            redirect_to(make_url('dmessages', 'public_msg'));

        $user_id = $_SESSION['active_user']['id'];

    // get message
        $dm  = instance_model('direct_message');
        $message = $dm->get_by_id($user_id, $_POST['id']);

        if($message == array())
        {
            new_flash('Message does not exist', 1);
            redirect_to(make_url('dmessages', 'public_msg'));
        }

    // Delete
        $dm->delete_by_id($user_id, $_POST['id']);

        redirect_to(make_url('dmessages', 'public_msg'));
    }
Exemplo n.º 2
0
    function delete_set($id, $clean_user_name)
    {
        $m_gallery = instance_model('gallery');
        $m_gallery->delete_gallery($id, $clean_user_name);

        $this->delete_by_id($id);
    }
    function create($user_id, $message, $time)
    {
        $usr = instance_model('users');
        $usr->verify_user_id($user_id);

        validate_message($message);

        $query = "INSERT INTO `messages` (`User_ID`, `Time`, `Message`)
            VALUES ('@v', '@v', '@v')";

        $this->query($query, $user_id, $time, $message);
    }
Exemplo n.º 4
0
    function note_ajax()
    {
        if(isset($_POST['note_content']))
        {
            $note_db = instance_model('notes');

            $note_id = $_POST['note_id'];
            $note    = $_POST['note_content'];

            $note_db->update_note($note_id, $note);
        }
    }
Exemplo n.º 5
0
    function display_navigation()
    {
        $m_navi = instance_model('navigation');
        $navi = $m_navi->get_all('Order');

        $m_page = instance_model('page');

        $output = array();
        foreach($navi as $row)
        {
            $out_title = '';
            $out_url   = '';

            if($row['Type'] == 'page')
            {
                $page = $m_page->get_by_id($row['Data']);

                if($page == array())
                {
                    $out_title = '[Not Found]';
                    $out_url   = '#';
                }
                else
                {
                    $out_title = $row['Title'];
                    $out_url   = make_url('page', $page[0]['Clean_title']);
                
                }
            }
            else if($row['Type'] == 'url')
            {
                $out_title = $row['Title'];
                $out_url   = $row['Data'];
            }

            $output []= array(
                'title' => $out_title,
                'url'   => $out_url);
        }

        $view = instance_view('navigation');
        $view->parse(array(
            'navi' => $output
        ));
    }
Exemplo n.º 6
0
function handle_error($e)
{
    if(APP_MODE == 'test')
        throw $e;
    else
    {
    // Log the error with transaction id if avalable
        $type  = get_class($e);
        $trace = print_r($e->getTrace(), true);
        $msg = $e->getMessage();

        $pay_id = 'n/a';
        if(isset($_SESSION['payment_id']))
            $pay_id = $_SESSION['payment_id'];

        if($type == 'e_404')
        {
            $error = instance_view('404', 'theme/');
            $error = $error->parse_to_variable(array()); 
        }
        else
        {
            try {
                $model = instance_model('error_log');
                $code = $model->create($type, $msg, $trace, $pay_id);
            } catch(exception $e) {
                die();
            }

            $error = instance_view('server_error', 'theme/');
            $error = $error->parse_to_variable(array(
                'code' => $code
            )); 
        }

        $outer_template = instance_view('template', 'theme/');
        $outer_template->parse(array(
            'content' => $error
        ));
    }
}
    function new_dm($user_id, $type, $remote_name, $remote_profile,
        $remote_avatar, $remote_message, $remote_time)
    {
        $users = instance_model('users');
        $users->verify_user_id($user_id);

        if(!($type == "public" || $type == 'private'))
            throw new invalid_dm_type_exception();

        validate_username($remote_name);
        validate_url($remote_profile);
        validate_avatar($remote_avatar);
        validate_message($remote_message);

        $query = "INSERT INTO `direct-message`
            (`User_ID`, `Type`, `Remote_name`, `Remote_profile`,
                `Remote_avatar`, `Remote_message`, `Remote_time`)
            VALUES ('@v','@v','@v','@v','@v', '@v', '@v')";

        $this->query($query, $user_id, $type, $remote_name,
            $remote_profile, $remote_avatar, $remote_message, $remote_time);
    }
Exemplo n.º 8
0
    function get_in_category($id)
    {

        $m_set = instance_model('gallery_set');
        $m_members = instance_model('members');

    // Get sets in category
        $set = $m_set->get_by_category($id);

        $listed_users = array();
        $cat_contents = array();
        
        foreach($set as $itm)
        {
            $i_member = $m_members->get_by_id($itm['Owner']);

        // Merge in members
            if(count($i_member) > 0 && !in_array($i_member[0]['ID'], $listed_users))
                $cat_contents = array_merge($cat_contents, $i_member);
        }

        return $cat_contents;
    }
    function check_update($remote_url, $rmt = false)
    {
        $cached_user = $this->get_cached_user($remote_url);

        if($rmt == false)
            $rmt = instance_model('remotes');

        if($cached_user == array())
        {
            $this->new_cached_user($remote_url);
            $cached_user[0]['Update_cache'] = 1;
        }

        if($cached_user[0]['Update_cache'] == 1)
        {
        //download remotes message stream
            $messages = $rmt->get_message_stream($remote_url);

            $user_url     = $remote_url;
            $user_profile = $messages->head->user_profile;
            $user_avatar  = $messages->head->user_avatar;
            $user_alias   = $messages->head->by_user;

        //delete any existing cache from that user
            $this->purge_remote($remote_url);

            foreach($messages->message as $message)
            {
                $this->new_item($user_url, $user_alias, $user_profile,
                    $user_avatar, $message->time, $message->message);
            }

        // clear the cache update flag
            $this->clear_cache_update($remote_url);
        }
    }
Exemplo n.º 10
0
    function edit()
    {
        if(!(isset($_SESSION['active_user']) && $_SESSION['active_user']['type'] == 'admin'))
            redirect_to('/');

        $this->load_outer_template('admin');

        $usr = instance_model('users');

        if(!isset($_POST['Submit']))
        {
            $user = $usr->get_user_by_id($_SESSION['active_user']['id']);

            if($user == array())
                throw new exception("User does not exist");

            $form_vals = make_reg_vals_array('', $user[0]['Ppal_email'], '', '');

        // display user edit form
            $view = instance_view('users/edit');
            $view = $view->parse_to_variable(array(
                'form_vals' => $form_vals));

            $this->set_template_paramiters(array(
                'content' => $view
            ));
        }
        else
        {
        // reed the form
            $form_vals = array(
                'errs'       => array(),
                'ppal_email' => $_POST['ppal_email'],
                'oldpass'    => $_POST['oldpass'],
                'pass'       => $_POST['pass'],
                'pass_v'     => $_POST['pass_v']);

        // Instance users model
            $test_exists = array();

        // Validate email
            try
            {
                validate_email($form_vals['ppal_email']);
                $test_exists = $usr->get_user_by_email($form_vals['ppal_email']);

                if($test_exists != array() && $test_exists[0]['ID'] != $_SESSION['active_user']['id'])
                {
                    new_flash('Email address is already in use', 1);
                    $form_vals['ppal_email'] = '';
                }
            }
            catch(exception $e)
            {
                    new_flash('Email address is invalid', 1);
            }

        // Validate passwords
            if($form_vals['oldpass'] != '')
            {
                try {
                    $selected_user = $usr->verify_user($_SESSION['active_user']['name'], $form_vals['oldpass']);

                    if($selected_user == false)
                        throw new exception();

                    if(mb_strlen($form_vals['pass'], 'utf8') < 6)
                        new_flash('Password too short, min 6 charicters', 1);

                    else if(sha1($form_vals['pass']) != sha1($form_vals['pass_v']))
                        new_flash('Passwords do not match', 1);
                }
                catch(redirecting_to $e)
                {
                    throw $e;
                }
                catch(exception $e)
                {
                    new_flash('Username or password is incorrect', 1);
                }
            }

            if(count(get_errors()) == 0)
            {
            // Everything was valid, save, login and redirect
                $usr->update_user_email($_SESSION['active_user']['id'], $form_vals['ppal_email']);

                if($form_vals['oldpass'])
                {
                    $usr->update_password($_SESSION['active_user']['id'], $form_vals['pass']);
                }

                new_flash("Settings updated", 1);
            }

        // else re-display the register form and show errors
            //else
            //{
                $view = instance_view("users/edit");
                $view = $view->parse_to_variable(array(
                    'form_vals' => $form_vals));

                $this->set_template_paramiters(array(
                    'content' => $view
                ));
            //}
        }
    }
    function avatar()
    {
        if(!isset($_SESSION['active_user']))
            redirect_to(make_url("users"));

        $usr = instance_model('users');
        $user = $usr->get_user_by_id($_SESSION['active_user']['id']);

        if($user == array())
            throw new no_such_user_exception();

        if(!isset($_POST['Submit']))
        {
        // Display main
            $view = instance_view('settings_avatar');
            $view = $view->parse_to_variable(array(
                'user' => $user));
        }
        else
        {
        // Validate file type
            $type = array_pop(preg_split('/\./', $_FILES['file']['name']));

            $valid_extensions = array('png', 'jpg', 'jpeg', 'JPG', 'JPEG');

            for($found_type = 0; $found_type < count($valid_extensions); $found_type ++)
                if($type == $valid_extensions[$found_type])
                {
                    $found_type = -1;
                    break;
                }

            if($found_type != -1)
            {
                new_flash('Invalid file type', 1);
                redirect_to(make_url('settings', 'avatar'));
            }

            $tmpname = 'media/' . sha1(time()) . '.' . $type;

            if (@move_uploaded_file($_FILES['file']['tmp_name'], $tmpname)) 
            {
            // Load the image
                if($type == 'png')
                    $img = @imagecreatefrompng($tmpname);
                else
                    $img = @imagecreatefromjpeg($tmpname);

                if($img == false)
                {
                    new_flash('Problem with image', 1);
                    redirect_to(make_url('settings', 'avatar'));
                }

            // Resize
                $oldsize = getimagesize($tmpname);

                $img_n = imagecreatetruecolor(100, 100);
                imagecopyresampled($img_n, $img, 0, 0, 0, 0,
                    100, 100, $oldsize[0], $oldsize[1]);

                $avatar = 'media/' . $_SESSION['active_user']['name'] . '.jpg';
                $result = imagejpeg($img_n, $avatar , 90); 

                unlink($tmpname);

                if($result == false)
                {
                    new_flash('Problem with image', 1);
                    redirect_to(make_url('settings', 'avatar'));
                }

                print make_ext_url($avatar);

                $usr->update_avatar($user[0]['ID'], 
                    make_ext_url($avatar));

            // Delete the old avatar as long as it is not the default
                $old_avatar = basename($user[0]['Avatar']);
                if(preg_match('/.+default_avatar\.jpg/', $old_avatar))
                    unlink('media/' . $old_avatar);

                redirect_to(make_url('settings', 'avatar'));
            }
            else
            {
                new_flash("File failed to upload");
                redirect_to(make_url('settings', 'avatar'));
            }
        }

    // Display sidebar
        $sb_view = instance_view("settings_sidebar");
        $sb_view = $sb_view->parse_to_variable(array(
            'uid'   => $_SESSION['active_user']['id'],
            'uname' => $_SESSION['active_user']['name']));

        $this->set_template_paramiters(
            array('main_content' => $view,
                  'sidebar'      => $sb_view));
    }
Exemplo n.º 12
0
    function admin_files_delete()
    {
    // Require admin login
        if(!(isset($_SESSION['active_user']) && $_SESSION['active_user']['type'] == 'admin'))
            redirect_to('/');

        $this->load_outer_template('admin');

        $m_files = instance_model('files');

        if(isset($_POST['Submit']))
        {
            $action = $_POST['Submit'];
            $id     = $_POST['item'];

            if($action == "Delete") {
                $file = $m_files->get_by_id($id);

                if($file == array())
                    throw new exception("File does not exist");

            // delete file on disk
                $path = 'res/files/' . $file[0]['Title'];
                if(file_exists($path))
                    unlink($path);

                $path = 'res/files/thumbs/' . $file[0]['Title'];
                if(file_exists($path))
                    unlink($path);

            // remove from db
                $m_files->delete_by_id($id);
            }

            redirect_to(make_url('files', 'admin_files'));
        }

        if(!isset($this->params[2]) || (!is_numeric($this->params[2])))
            throw new exception("No member specified");

        $item = $this->params[2];

        $file = $m_files->get_by_id($item);

        if($file == array())
            throw new exception("File does not exist");

        $title = $file[0]['Title'];

        $view = instance_view('admin/delete_generic');
        $view = $view->parse_to_variable(array(
            'back_url' => make_url('files', 'admin_files'),
            'title'    => 'Delete file page',
            'msg'      => "Are you sure you wish to <strong>permenantly</strong> delete file $title?",
            'form_url' => make_url('files', 'admin_files_delete'),
            'item'     => $item
        ));

        $this->set_template_paramiters(array(
            'content' => $view
        ));
    }
    function test_follow_valid_user()
    {
        $usr = new mdl_users();
        $usr->update_avatar(1, APP_ROOT . 'media/default_avatar.jpg');

        $msg = new ctrl_messages();
        $msg->params = array('messages', 'follow', 'fred');

    // catch result with output buffering
        ob_start();
        $msg->follow();
        $result = ob_get_contents();
        ob_end_clean();

    // run through get_message_stream() to validate
        $rmt = instance_model('remotes');
        $rmt->get_message_stream(APP_ROOT . 'messages/follow/fred',
            $result);
    }
    function ping($rmt = false)
    {
        try
        {
            $this->outer_template = null;

            $usr = instance_model('users');
            $rel = instance_model("relations");
            if($rmt == false)
                $rmt = instance_model('remotes');

            $ping_data = $rmt->decode_ping($_POST['data']);

/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
            switch($ping_data->type)
            {
            case 'add':
            // Validate remote stream
                try {
                    validate_url($ping_data->data);
                } catch(exception $e) {
                    echo $rmt->make_ping_response('fail',
                        "Message stream URL is invalid");
                    return;
                }

                $messages = $rmt->get_message_stream($ping_data->data);

            // Check if the user exists
                $user = $usr->get_user_by_name($ping_data->user);

                if($user == array())
                {
                    echo $rmt->make_ping_response('fail',
                        "The requested user does not exist on this node");
                    return;
                }

            // check if the user from the remote is already registered as a follower
                $follower = $rel->get_follower_by_rmt_url($user[0]['ID'], $ping_data->data);

                if($follower != array())
                {
                    echo $rmt->make_ping_response('fail',
                        "You are already following this user.");
                    return;
                }

            // If not, add it
                $rel->create_follower($user[0]['ID'], $ping_data->data, $messages->head->by_user,
                    $messages->head->user_profile, $messages->head->user_avatar, $ping_data->user_pub_key,
                    $messages->head->relation_pingback, $messages->head->message_pingback);

                echo $rmt->make_ping_response('success');
                break;

/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
            case 'remove':
            // Get the user
                $user = $usr->get_user_by_name($ping_data->user);

                if($user == array())
                {
                    echo $rmt->make_ping_response('fail',
                        "The requested user does not exist on this node");
                    return;
                }

            // Get follower from followers table
                $follower = $rel->get_follower_by_rmt_url($user[0]['ID'], $ping_data->data);

                if($follower == array())
                {
                    echo $rmt->make_ping_response('fail',
                        "Follower not found");
                    return;
                }
                
                $rmt->varify_ping_signature($ping_data, $follower[0]['Remote_pub_key']);

            // If valid, remove the remote user as a follower
                $rel->remove_follower_by_id($user[0]['ID'], $follower[0]['ID']);

                echo $rmt->make_ping_response('success');

                break;

/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
            default:
                echo $rmt->make_ping_response('fail', 'Invalid ping type');
            }
        }
        catch(exception $e)
        {
            echo $rmt->make_ping_response('fail', "Server error");
        }
    }
Exemplo n.º 15
0
    function admin_gallery_delete()
    {
    // Require admin login
        if(!(isset($_SESSION['active_user']) && $_SESSION['active_user']['type'] == 'admin'))
            redirect_to('/');

        $this->load_outer_template('admin');

        if(!isset($this->params[2]) || (!is_numeric($this->params[2])))
            throw new exception("No set specified");

        $set_id = $this->params[2];

        $m_gallery = instance_model('gallery');

        if(isset($_POST['Submit']))
        {
            $action = $_POST['Submit'];
            $id     = $_POST['item'];

            if($action == "Delete") {
                $image = $m_gallery->get_by_id($id);

                if($image == array())
                    throw new exception("Image does not exist");

                $m_set     = instance_model('gallery_set');
                $m_members = instance_model('members');

                $set = $m_set->get_by_id($set_id);

                if($set == array())
                    throw new exception("Image set does not exist");

                $member = $m_members->get_by_id($set[0]['Owner']);

                if($member == array())
                    throw new exception("Member does not exist");

            // delete file on disk
                $path = 'res/gallery/' . $member[0]['Clean_title'] . '/' . $image[0]['File'];
                if(file_exists($path))
                    unlink($path);

                $path = 'res/gallery/' . $member[0]['Clean_title'] . '/thumbs/' . $image[0]['File'];
                if(file_exists($path))
                    unlink($path);

            // remove from db
                $m_gallery->delete_by_id($id);
            }

            redirect_to(make_url('members', 'admin_gallery', $set_id));
        }


        if(!isset($this->params[3]) || (!is_numeric($this->params[3])))
            throw new exception("No image specified");

        $item   = $this->params[3];

        $image = $m_gallery->get_by_id($item);

        if($image == array())
            throw new exception("Image does not exist");

        $title = $image[0]['File'];

        $view = instance_view('admin/delete_generic');
        $view = $view->parse_to_variable(array(
            'back_url' => make_url('members', 'admin_gallery', $set_id),
            'title'    => 'Delete gallery image',
            'msg'      => "Are you sure you wish to <strong>permenantly</strong> delete image $title?",
            'form_url' => make_url('members', 'admin_gallery_delete', $set_id, $item),
            'item'     => $item
        ));

        $this->set_template_paramiters(array(
            'content' => $view
        ));
    }
    function ping($rmt = false)
    {
        try 
        {

            $this->outer_template = null;

            if($rmt == false)
                $rmt = instance_model('remotes');

            @header('Content-type: text/xml');

            if(!isset($_POST['data']))
                throw new exception();

        // Decode ping
            $ping_data = $rmt->decode_ping($_POST['data']);


/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
            switch($ping_data->type)
            {
            case 'update':
                $csh = instance_model('message_cache');
                $csh->flag_cache_update($ping_data->data);

                echo $rmt->make_ping_response('success');
                break;

/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
            case 'public':
            // Get the user
                $usr = instance_model('users');
                $user = $usr->get_user_by_name($ping_data->user);

                $dim = instance_model('direct_message');

            // Decode data xml
                $XML = simplexml_load_string($ping_data->data);

                $remote_name    = (string) $XML->remote_name;
                $remote_profile = (string) $XML->remote_profile;
                $remote_avatar  = (string) $XML->remote_avatar;
                $remote_message = (string) $XML->remote_message;
                $remote_time    = (string) $XML->remote_time;

            // Create DM
                $dim->new_dm($user[0]['ID'], $ping_data->type,
                    $remote_name, $remote_profile, $remote_avatar,
                    $remote_message, $remote_time);

                echo $rmt->make_ping_response('success');
                break;

/*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
            default:
                echo $rmt->make_ping_response('fail', 'Invalid ping type');
            }

        }
        catch(Exception $e)
        {
            echo $rmt->make_ping_response('fail', 'Server error');
        }
    }
function get_latest_by_local($user_id)
{
    $msg = instance_model("messages");
    return $msg->get_by_user_id($user_id);
}
    function test_register_valid()
    {
        $_POST = array(
            'name'   => 'test',
            'email'  => '*****@*****.**',
            'pass'   => 'aaaaaa',
            'pass_v' => 'aaaaaa',
            'Submit' => 'Submit');

        $usr = new ctrl_users();

        try
        {
            $usr->register();
            $this->fail();
        }
        catch(exception $e)
        {
            $this->assertEquals(preg_match("/messages/", $e->getMessage()), 1);
        }

        $users = instance_model('users');
        $user = $users->get_user_by_name('test');

        $this->assertFalse($user == array());
    }
    function profile()
    {
        $flash = 'The specified user does not exist, here are the users on this node';
        if(!isset($this->params[2]))
        {
            new_flash($flash, 1);
            redirect_to(make_url('users'));
        }

        $user_name = $this->params[2];

        $usr = instance_model('users');
        $user = $usr->get_user_by_name($user_name);

        if($user == array())
        {
            new_flash($flash, 1);
            redirect_to(make_url('users'));
        }

        $msg = instance_model('messages');
        $messages = $msg->get_by_user_id($user[0]['ID']);

        $view = instance_view('profile');
        $view = $view->parse_to_variable(array(
            'messages' => $messages,
            'user'     => $user,
            'form_message' => 'Delete',
            'form_target'  => make_url('messages', 'destroy')));

        $sb_view = instance_view('profile_sidebar');
        $sb_view = $sb_view->parse_to_variable(array(
            'uid'      => $user[0]['ID'],
            'uname'    => $user[0]['User_name'],
            'fname'    => $user[0]['Full_name'],
            'location' => $user[0]['Location'],
            'web'      => $user[0]['Web'],
            'bio'      => $user[0]['Bio']));

    // Display
        $this->set_template_paramiters(
            array('main_content' => $view,
                  'sidebar'      => $sb_view));
    }
function get_message_count($user_id)
{
    $msg = instance_model('messages');
    $messages = $msg->get_by_user_id($user_id);
    return count($messages);
}
Exemplo n.º 21
0
    function admin_navi_delete()
    {
    // Require admin login
        if(!(isset($_SESSION['active_user']) && $_SESSION['active_user']['type'] == 'admin'))
            redirect_to('/');

        $this->load_outer_template('admin');

        $m_navi = instance_model('navigation');

        if(isset($_POST['Submit']))
        {
            $action = $_POST['Submit'];
            $id     = $_POST['item'];

            if($action == "Delete") {
                $link = $m_navi->get_by_id($id);

                if($link == array())
                    throw new exception("Navi link does not exist");

            // remove from db
                $m_navi->delete_by_id($id);
            }

            redirect_to(make_url('navi', 'admin_navi'));
        }

        if(!isset($this->params[2]) || (!is_numeric($this->params[2])))
            throw new exception("No link specified");

        $item = $this->params[2];

        $link = $m_navi->get_by_id($item);

        if($link == array())
            throw new exception("Navi link does not exist");

        $title = $link[0]['Title'];

        $view = instance_view('admin/delete_generic');
        $view = $view->parse_to_variable(array(
            'back_url' => make_url('navi', 'admin_navi'),
            'title'    => 'Delete navigation link',
            'msg'      => "Are you sure you wish to <strong>permenantly</strong> delete link $title?",
            'form_url' => make_url('navi', 'admin_navi_delete'),
            'item'     => $item
        ));

        $this->set_template_paramiters(array(
            'content' => $view
        ));
    }
    function create_follower($id, $remote_url, $remote_name, 
        $remote_profile, $remote_avatar, $pub_key, $relation_pingback,
        $message_pingback)
    {
        $users = instance_model('users');
        $user = $users->verify_user_id($id);

        validate_pub_key($pub_key);
        $pub_key = base64_encode($pub_key);

        validate_url($remote_url);
        validate_username($remote_name);
        validate_url($remote_profile);
        validate_url($remote_avatar);
        validate_url($relation_pingback);
        validate_url($message_pingback);

        $query = "INSERT INTO `followers`
            (`User_ID`, `Remote_URL`, `Remote_name`, `Remote_profile`,
            `Remote_avatar`, `Remote_pub_key`, `Relation_pingback`,
            `Message_pingback`) VALUES
            ('@v', '@v', '@v', '@v', '@v', '@v', '@v', '@v')";

        $this->query($query, $id, $remote_url, $remote_name,
            $remote_profile, $remote_avatar, $pub_key,
            $relation_pingback, $message_pingback);
    }